accessing offsite server? vpn?

AP2

So I run a very small business with a file server running Windows Home Server for Quickbooks. I would like to access this server remotely. What would be the best way to do this?
 
Remote Desktop, just port forward from your router to the server... done.

Side Note: make sure you have a semi-decent password and not something like "pass"
 
OpenVPN, or an SSH server with brute force protection. You can set up SSH tunnels to the ports you need to access. OpenVPN will be easier to use though, as it is a true VPN.

Don't open up RDP or any other remote access tool to the public internet.
 
Thanks for the advice guys. Would purchasing a firewall be a better choice? I was briefly looking at the watchguard xtm 21-wifi.
 
You'll want a firewall anyway, so VPN functionality could be a key point to look at. There are tons of free Linux-based firewalls that you can also look into, such as Untangle. I believe it does have VPN capabilities. I only played with it briefly.
 
You'll want a firewall anyway, so VPN functionality could be a key point to look at. There are tons of free Linux-based firewalls that you can also look into, such as Untangle. I believe it does have VPN capabilities. I only played with it briefly.

Use the VPN function every day, runs perfectly. Also does more things that might help out with protection for the server too :)
 
You don't want to run Quickbooks through a VPN..unless you have like a ...10 meg upload. Quickbooks is a hefty pig, it will be glacially slow through a VPN.

Take a desktop computer on your home LAN, and forward the remote desktop ports to it through your router...after assigning a static LAN IP to this workstation. Have a good password for that user account.

Remote Desktop did have an "in the lab, man in the middle" vulnerability against it in the old version, but that was "in the lab"...and pretty much impossible to reproduce and put into effect out in the real world. Since then, a few years ago, Microsoft has tightened up Remote Desktop..and it's secure now. If you are one of those super nail biting worrying types...you can put a policy in place to have it time out for XXX amount of minutes after XXX amount of failed log in attempts. But honestly...it's secure, as long as you have a good password.
 
You don't want to run Quickbooks through a VPN..unless you have like a ...10 meg upload. Quickbooks is a hefty pig, it will be glacially slow through a VPN.

Take a desktop computer on your home LAN, and forward the remote desktop ports to it through your router...after assigning a static LAN IP to this workstation. Have a good password for that user account.

Remote Desktop did have an "in the lab, man in the middle" vulnerability against it in the old version, but that was "in the lab"...and pretty much impossible to reproduce and put into effect out in the real world. Since then, a few years ago, Microsoft has tightened up Remote Desktop..and it's secure now. If you are one of those super nail biting worrying types...you can put a policy in place to have it time out for XXX amount of minutes after XXX amount of failed log in attempts. But honestly...it's secure, as long as you have a good password.


I would strongly suggest against doing this. This is not any different than forwarding a port to VNC or any other remote access app. These are meant for in-LAN use and don't have security such as brute force protection, logging, etc. A bot can be set on it and be trying for months non-stop and you will not know a thing. You want a VPN solution where, if someone fails to get in, you get an email, and if they fail too many times, their IP is blocked completely.

Also keep in mind if you do get exploited, they essentially have access to your whole network not just that PC.
 
Hi Guys,

I'm looking to set up a VPN from a remote office trailer to our office. Problem is, I don't know anything about setting one up. Do any of you know of a good "how to", or can any of you walk me through it?

We have a SonicWall Pro 2040 on this end. We will only be using it for email and some file sharing.

Servers are running Windows Server 2003.

We have a VPN from another office site right now and there is actually a SonicWall there too, but I don't have the model number and it was already in place when I came to work here.

I'm not sure if purchasing another SonicWall for the new site is a good option or even what the procedure would be to set that up.

Any advice will be greatly appreciated.
 
I have never had a problem with remote desktop and security. Just make sure you have a good firewall and the right policies like YeOlde said. You'll be golden then.
 
LogMeIn is okay for file sharing but not so good for applications. I've tried it for running AutoCAD remotely and it was painful.
 
Are you RDP'ing to the network from a machine at home? Is this the same machine every time or will it change?

Untangle would be perfect with a VPN connection from your machine to the office / network where you wish to RDP to a box, very secure and great performance.

J'
 
I'm hoping to set up a remote office with 4-5 users for about 3 years.

Okay, so the current satellite office is tied in with a SonicWall TZ 180 to the Pro 2040.

The problem here is that the IT company we were using lost their one competent tech and now completely sucks, and while we're interviewing new ones I was hoping I could take care of this issue. I don't think it should be that difficult, I just need some guidance.
 
I'm hoping to set up a remote office with 4-5 users for about 3 years.

Okay, so the current satellite office is tied in with a SonicWall TZ 180 to the Pro 2040.

The problem here is that the IT company we were using lost their one competent tech and now completely sucks, and while we're interviewing new ones I was hoping I could take care of this issue. I don't think it should be that difficult, I just need some guidance.

you said sonicwall OH NOOO!!!
 
You don't want to run Quickbooks through a VPN..unless you have like a ...10 meg upload. Quickbooks is a hefty pig, it will be glacially slow through a VPN.

This is very true. You'll want to access Quickbooks from an internal machine over RDP. Even if you decide to be paranoid and block RDP access from the net, you can still VPN in and then use RDP to connect to the desktop.
 
SonicWalls are ok, if you want to spend a couple grand then find out you need to spend even more because of licensing required for more features. There's lots of free solutions out there, I'd look into those first.
 
you said sonicwall OH NOOO!!!

There's nothing "wrong" with SonicWall, just because you bought some low end device and couldn't get it configured doesn't mean they are terrible. I've got a pile of NSA2400's from them, they were OK devices, replaced them all with Juniper SRX gateways which just happen to be better.
 
We use a SonicWall 2400 to connect to our other site's TZ200 through a firewall-to-firewall VPN. They basically just have each other's IP in the VPN config.
 
I would strongly suggest against doing this. This is not any different than forwarding a port to VNC or any other remote access app. These are meant for in-LAN use and don't have security such as brute force protection, logging, etc. A bot can be set on it and be trying for months non-stop and you will not know a thing. You want a VPN solution where, if someone fails to get in, you get an email, and if they fail too many times, their IP is blocked completely.

Also keep in mind if you do get exploited, they essentially have access to your whole network not just that PC.

*Fact, RDP is indeed secure. And it's quite more than many/most of the various VNC clones out there.
*Fact, RDP is designed not just for LAN, but also for across the internet.
? for you...what part of setting up to cancel host after XXX failed attempts goes way over your head? It's wonderfully simple and easy. Who cares if someone runs a grinding bot against your host....with minutes of timeouts, now they'll take 5,000 plus years to get in via the first 1/4 of the scripts.
I, nor most people, want to get e-mailed logs for failed attempts to get in...have you ever looked at logs for a robust firewall? How many IPs are there out in the world...now consider how many hackers or wannabes are out there...and the amount of scans and grinding attacks they run with scripts...logs fill up quickly, I don't want my inbox filling up like it was under Niagara Falls.
 
Are you RDP'ing to the network from a machine at home? Is this the same machine every time or will it change?

Untangle would be perfect with a VPN connection from your machine to the office / network where you wish to RDP to a box, very secure and great performance.

J'

Listen to this man. Best advice so far.

Untangle and be done.

RDP is secure. VPN can be secured at different levels and can be set up to be worse than RDP.
Untangle can connect box to box sites easily through OpenVPN via encryption.

Again I would say Untangle and be done.
 
There's nothing "wrong" with SonicWall, just because you bought some low end device and couldn't get it configured doesn't mean they are terrible. I've got a pile of NSA2400's from them, they were OK devices, replaced them all with Juniper SRX gateways which just happen to be better.

You can go with this guy's SonicWall NSA 2400 for 2k each or the Juniper for 16k and be happy as clams. That is if you wanted to go with brand new comps, untangle ISO, and a couple hours for 1k and have all locations(3) connected like a snap securely. This guy prolly missed the "very small business" part.
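
Added example, not part of any post in this thread: the thread argues over whether failed logons should trigger lockout, per-attempt e-mail, or IP blocking, and this sketch shows a middle path that counts failed logons per source IP in a sliding window, flags sources to block, and produces one digest instead of one alert per attempt. The log format and addresses are constructed for illustration; 4625 and 4624 are the Windows Security event IDs for failed and successful logon.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines: "timestamp event_id source_ip account"
SAMPLE_LOG = """\
2012-03-01T02:00:01 4625 203.0.113.7 administrator
2012-03-01T02:00:03 4625 203.0.113.7 admin
2012-03-01T02:00:05 4625 203.0.113.7 owner
2012-03-01T02:00:09 4625 203.0.113.7 quickbooks
2012-03-01T02:00:12 4625 203.0.113.7 administrator
2012-03-01T08:15:00 4625 198.51.100.20 bob
2012-03-01T08:15:40 4624 198.51.100.20 bob
2012-03-01T09:00:00 4625 192.0.2.55 guest
2012-03-01T11:30:00 4625 192.0.2.55 guest
"""

def parse(log_text):
    """Yield (timestamp, event_id, ip, account); skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            ts, event_id, ip, account = parts
            yield datetime.fromisoformat(ts), event_id, ip, account

def find_offenders(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return ({ip: time threshold was crossed}, {ip: total failures})."""
    recent = defaultdict(deque)   # failure timestamps still inside the window
    totals = defaultdict(int)
    blocked = {}
    for ts, event_id, ip, _account in parse(log_text):
        if event_id != "4625":    # only failed logons count
            continue
        totals[ip] += 1
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and ip not in blocked:
            blocked[ip] = ts
    return blocked, dict(totals)

def digest(log_text, **kwargs):
    """One summary message rather than one e-mail per failed attempt."""
    blocked, totals = find_offenders(log_text, **kwargs)
    lines = [f"{len(blocked)} source(s) crossed the threshold, "
             f"{sum(totals.values())} failed logons total"]
    for ip, ts in sorted(blocked.items()):
        lines.append(f"BLOCK {ip} at {ts.isoformat()} ({totals[ip]} failures)")
    return "\n".join(lines)

if __name__ == "__main__":
    print(digest(SAMPLE_LOG))
```

The one mistyped password from 198.51.100.20 and the two widely spaced failures from 192.0.2.55 stay below the threshold, so only the rapid guessing run is flagged.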
 